
OS: Windows 2003 SP2
SDK: 2003 R2 SDK

We have a multithreaded application that uses a REST-style interface to an SSL-enabled UNIX box that only uses AES. I tried using WinHTTP, but unfortunately, AES is broken in the 2003 version of WinHTTP (confirmed by M$).

So, I hooked up stunnel, which works fine when I only start one thread, but if I use more than 1 thread, I get the following error in the stunnel.log. Note that the error is on thread 7140, and the connection is immediately closed.

I have retry logic that restarts failed threads, and the restarted thread works the second time. (Of course, the first has finished, so it is essentially running by itself.)

The other item of interest is that each thread is sending about 500,000 bytes of data in chunks of 16,000 bytes, and my trace shows that it usually fails after having written more than 100,000 bytes successfully.

Any suggestions or help would be greatly appreciated...

2009.04.10 13:17:01 LOG7[3016:7040]: SSL state (connect): SSLv3 flush data
2009.04.10 13:17:01 LOG7[3016:7140]: SSL alert (write): fatal: decrypt error <<<<< ----- NOTE FAILS HERE ON thread 7140
2009.04.10 13:17:01 LOG7[3016:7040]: SSL state (connect): SSLv3 read finished A
2009.04.10 13:17:01 LOG7[3016:7040]: 0 items in the session cache
2009.04.10 13:17:01 LOG7[3016:7040]: 20 client connects (SSL_connect())
2009.04.10 13:17:01 LOG7[3016:7040]: 19 client connects that finished
2009.04.10 13:17:01 LOG7[3016:7040]: 0 client renegotiations requested
2009.04.10 13:17:01 LOG7[3016:7040]: 0 server connects (SSL_accept())
2009.04.10 13:17:01 LOG7[3016:7040]: 0 server connects that finished
2009.04.10 13:17:01 LOG7[3016:7040]: 0 server renegotiations requested
2009.04.10 13:17:01 LOG7[3016:7040]: 0 session cache hits
2009.04.10 13:17:01 LOG7[3016:7040]: 0 session cache misses
2009.04.10 13:17:01 LOG7[3016:7040]: 0 session cache timeouts
2009.04.10 13:17:01 LOG6[3016:7040]: SSL connected: new session negotiated
2009.04.10 13:17:01 LOG6[3016:7040]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2009.04.10 13:17:01 LOG3[3016:7140]: SSL_connect: 1408C095: error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed
2009.04.10 13:17:01 LOG5[3016:7140]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2009.04.10 13:17:01 LOG7[3016:7140]: bycast-write-1 finished (1 left)

Configuration file:

;Stunnel configuration for Acuo.
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; Some debugging stuff useful for troubleshooting
debug = 7
output = stunnel.log
; Use it for client mode
client=yes
verify=0
; Service-level configuration
[bycast-read-1]
accept = 18080
connect = 10.220.8.100:8080
;ciphers=AES128-SHA:AES256-SHA
TIMEOUTclose = 0
sslVersion = TLSv1

Dale Kingsbury
Founder - Lead Software Engineer
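
Added example, not part of the original post: the log above interleaves records from two stunnel threads, so this Python code splits the records by the thread id in the LOG<level>[pid:tid] prefix and classifies each thread's handshake. The function names and the failure rule (syslog level 3 or lower, or a fatal alert) are assumptions of this example; the sample lines are a subset copied from the post.

```python
import re
from collections import defaultdict

# Subset of the log lines from the post, in the interleaved order stunnel wrote them.
SAMPLE_LOG = """\
2009.04.10 13:17:01 LOG7[3016:7040]: SSL state (connect): SSLv3 flush data
2009.04.10 13:17:01 LOG7[3016:7140]: SSL alert (write): fatal: decrypt error
2009.04.10 13:17:01 LOG7[3016:7040]: SSL state (connect): SSLv3 read finished A
2009.04.10 13:17:01 LOG6[3016:7040]: SSL connected: new session negotiated
2009.04.10 13:17:01 LOG6[3016:7040]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2009.04.10 13:17:01 LOG3[3016:7140]: SSL_connect: 1408C095: error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed
2009.04.10 13:17:01 LOG5[3016:7140]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) "
    r"LOG(?P<level>\d)\[(?P<pid>\d+):(?P<tid>\d+)\]: (?P<msg>.*)$"
)

def split_by_thread(log_text):
    """Return {thread_id: [(level, message), ...]} preserving log order."""
    threads = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip anything that is not a stunnel log record
            threads[int(m["tid"])].append((int(m["level"]), m["msg"]))
    return dict(threads)

def summarize(threads):
    """Classify each thread's handshake as 'connected', 'failed' or 'unknown'."""
    summary = {}
    for tid, records in threads.items():
        info = {"status": "unknown", "cipher": None, "errors": []}
        for level, msg in records:
            if msg.startswith("Negotiated ciphers:"):
                info["cipher"] = msg.split(":", 1)[1].split()[0]
            elif msg.startswith("SSL connected") and info["status"] != "failed":
                info["status"] = "connected"
            elif level <= 3 or "fatal" in msg:
                # LOG3 is syslog 'err'; fatal alerts are logged at debug level 7
                info["status"] = "failed"
                info["errors"].append(msg)
        summary[tid] = info
    return summary

if __name__ == "__main__":
    for tid, info in summarize(split_by_thread(SAMPLE_LOG)).items():
        print(tid, info["status"], info["cipher"], info["errors"])
```

Run against a full stunnel.log, the same grouping shows which handshakes were in flight on other threads when a given thread logged its digest check failure.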